Useful links:

Manager's Guide to Information Security (MGIS)

Following a formal review by the members of the Security Forum, MGIS was approved for
publication during the Security Forum meeting in Amsterdam, 24-26 October 2001.

The main contributing author and editor of drafts leading to delivery for publication
was Eliot Solomon (Securities Industry Automation Corporation).

MGIS is available on the Web as publication reference G250, and paperback
copies are available by contacting Ian Dobson.

What is MGIS?

MGIS is a no-nonsense guide to the use of
information security technology in business environments. It explains what information
security is about, in non-technical language  toallow business decision-makers and others who are not security experts to
enter what has until now often seemed an impenetrable world.

The MGIS unlocks information security in a
direct and informal way. It does not offer easy solutions to security problems. However,
it does explain what business decision-makers should know about information
security to enable them to ask informed questions and make informed decisions on the
security products they buy and use.

Who will find it useful?

The MGIS should quickly become an essential part
of:

the collateral information that vendors distribute on their security products

in presentations and seminars,

as internal information,

in training activities,

in situations where a question arises on understanding of basic information security
issues.

To encourage this, we are offering bulk supply of
paperback copies of the MGIS to anyone who needs them. Please contact Ian Dobson for
inquiries on ordering bulk supplies.

More in this series

We plan to publish further Guides that make other
information technology issues similarly accessible to business managers and others who
need to make informed decisions on the information systems they buy and use, yet do not
wish to have to acquire expertise in the technology.

Objectives of MGIS

A Business Manager who has read this short (about 50 paperback-size pages) book should
be able to understand what IT security people are talking about, understand what goes into
a security management regime (including policy, process and /procedures, technology,
audit/assurance), so as to be able to discuss:

formulation of security objectives appropriate to their business

identification of their information security risks

recognition of what security controls address these risks

planning for new controls as their business systems evolve and are exposed to new risks

so as then to evaluate at a sufficient high level what major security technologies do,
and make informed decisions on investing in the right security solutions for their
business.

Outline Structure of MGIS

Story-Line 1: The audience, and the authors - who this book is for, and who it is from.

Story-Line 2: Why security is important to your business.

Story-Line 3: IT Security from a business perspective - understanding what is needed and
why.

Story-Line 4: What to expect (and what not to expect) from security solutions.